Friday, August 07, 2009

Twitter vs. Facebook: how to manage a downtime

Yesterday's DDoS attacks on Facebook and Twitter exposed the critical addiction to social networking and the fragility of high-loaded web applications. It is not clear whether there is the same people behind the two attacks, but the system managers and their infrastructures responded differently to the issues in outage, and gave a diverse impression to the end user.

According to Wikipedia, a DDoS is:
A distributed denial of service attack (DDoS) occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers.
and that's what happened on August 6. Often the "multiple systems" are remotely controlled by a trojan horse or some similar malware, and are unaware they're being maliciously used.
Let's explore some differences on how both systems reacted to the attack:
  • Facebook uptime was less affected than Twitter one. Although it depends on the particular user point of view, it seems from reports that Facebook shows slowdowns and latency increase, but less significant pages that fails to load in respect to Twitter total outage Personally, I encountered some error pages when using a pair of application, but no unreachable main pages (profile, groups) in the period of time when I used Facebook yesterday (afternoon and evening), and it has to managed the users that turned to it while being unable to tweet.
  • Facebook and Twitter are built on different stacks, althoug it can be a coincidence. Facebook is all php, while Twitter is built on Ruby on Rails. The effective difference depends on what resources the attackers saturated: bandwidth is not dependent by the technology you're using on a webserver, while cpu load and memory usage are affected.
  • Facebook shows some errors, while Twitter not. As I said, I encountered some error pages while using Facebook while Twitter was failing and letting the http request time out. This was particularly fastidious because of widgets that performs a twitter mashup: I was forced to remove the Last tweets column from the sidebar of this blog because it would never load, expanding the downtime of Twitter to Invisible to the eye.
The last point is a tip on how to annoy your users. Facebook had a 99.9% uptime in 2008, while Twitter has a tradition of being unrechable every once in a while. The statistics shows that in the last year the availability of the service was barely ~99%, with 84 hours offline (despite improving from the six days of outage in 2007). Since the uptime is measured in nines, it is much, and since it seems that Twitter might not know when it is offline, another website has been created to monitor it.
Facebook probably has better servers, or more scalable technology: when even the fail whale is unreachable, Facebook will be still here.

No comments: